CVE-2023-23558

MEDIUM

Eternal Terminal 6.2.1 - Sensitive Information Exposure via Fixed /tmp Path

Title source: llm

Description

In Eternal Terminal 6.2.1, TelemetryService uses fixed paths in /tmp. For example, a local attacker can create /tmp/.sentry-native-etserver with mode 0777 before the etserver process is started. The attacker can choose to read sensitive information from that file, or modify the information in that file.

References (3)

Core 3

Core References

Exploit, Issue Tracking, Third Party Advisory

https://bugzilla.suse.com/show_bug.cgi?id=1207126

Product

https://github.com/MisterTea/EternalTerminal

Mailing List, Patch, Third Party Advisory mailing-list

http://www.openwall.com/lists/oss-security/2023/02/16/1

Scores

CVSS v3 6.3

EPSS 0.0031

EPSS Percentile 22.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact total

Details

CWE

CWE-59

Status published

Products (1)

eternal_terminal_project/eternal_terminal 6.2.1

Published Feb 16, 2023

Tracked Since Feb 18, 2026